Responsibilities

Roles Responsibility Frequency
All Officers (All Directorates)

Ensure that any correspondence received via post, or delivered in person to the Council offices, is actioned.  If the documentation needs to be retained, ensure that it is scanned in and stored electronically on any appropriate CRM system and the paper copy of the document, is securely disposed of.

Ongoing
All Officers (All Directorates)

To action emails received from members of the public, or that contain personal information as soon as possible and to then delete the email once fully actioned (and no longer required). 

If the email needs to be retained, ensure that it is stored electronically on any appropriate CRM system and the original email deleted from officers mailbox.

Ongoing
All Officers (All Directorates) Ensure paper records are kept to an absolute minimum and to avoid storing in personal drawers, lockers, desk and trays wherever possible. Ongoing

Line Managers / Team Leaders

(All Directorates)

Ensure staff are routinely reminded of the responsibilities covered above. Ongoing

Line Managers / Team Leaders

(All Directorates)

Ensure staff receive training and support where appropriate. Ongoing

Data Controllers / Information Asset Owners

(All Directorates)

To be aware of regulatory requirements relating to the retention of data they collect and store. Ongoing

Data Controllers / Information Asset Owners

(All Directorates)

To notify the GDPR Compliance Officer of statutory / regulatory changes that occur relating to the retention of the data held by their Directorate. Ongoing

Data Controllers / Information Asset Owners

(All Directorates)

Ensure that all personal data is retained and disposed of, is done so in line with GDPR and statutory requirements. Ongoing
HR Manager To ensure HR / staff records are retained and disposed of, in line with GDPR and statutory requirements. Ongoing
Health and Safety Officer Ensuring that all Corporate Health and Safety records are retained and, when appropriate, disposed of in line with GDPR and statutory requirements. Ongoing
Directors/Heads of Service

Ensuring that all teams are complying with GDPR;  ensuring that Data Retention Schedules are completed; ensuring that the Council's suppliers and contractors demonstrate GDPR compliance and that they check their credentials and guarantees. As a controller the Council need to have a written contract that explicitly defines each parties' responsibilities and liabilities. Importantly, data controllers are always liable for the compliance with GDPR.

In addition, if the Council operate outside the EU the Council need to document the location of the controlling authority within the EU. Contracts with suppliers, verification and ongoing management are key to long term GDPR compliance.

Ongoing
Chief Executive Overall Officer level responsibility for data retention.  Ongoing
Audit Work with ICT to review batch deletion to ensure it is functioning appropriately and that a suitable audit trail is recorded. Annually
Audit Undertake spot checks as identified in the risk assessment. Ongoing
Policy & Communications Ensuring that Marketing Strategies and Events are compliant with GDPR and keeping Staff updated. Ongoing

Head of ICT

The Information Manager will have overall responsibility for maintaining systems capable of batch deletion of information that has reached its retention limit. As required

Head of ICT

Work with Audit to review batch deletion to ensure it is functioning appropriately and that a suitable audit trail is recorded. Annually

Data Retention Scedule

The Councils data retention schedule can be viewed on the Councils website.

Update cookies preferences